Microsoft and the future of cyber-security

Asina Pornwasin
The Nation
Redmond, Seattle June 24, 2014 1:00 am

US giant sets out its strategy, commitment to keeping devices and users safe in a rapidly developing tech-driven world

The future of cyberspace is more than about just bigger numbers. By 2025, it is forecast that more than 91 per cent of people in developed countries and nearly 69 per cent of those in emerging economies will be using the Internet - but with more users/usages, there are more risks involved.

Adrienne Hall, general manager of Microsoft's Trustworthy Computing Group, said Microsoft had released a report called "Cyberspace 2025: Today's Decisions, Tomorrow's Terrain" that unveiled three scenarios for the future of cyber-security. These are detailed in the report and described as "Peak," "Plateau" and "Canyon".

To continue delivering ground-breaking new services, governments, industry and other interested parties need to find the right policies to manage both the complexities and opportunities posed by information and communications technology (ICT).

For example, policy choices can enable economic growth, or potentially restrict progress through more insular approaches that stifle innovation, she said.

Microsoft's "The Cyber 2025 Model" study predicts that there will be 4.7 billion Internet users in 2025 and that nearly half of them will have come online between 2012 and 2025, almost entirely from emerging economies.

By 2025, India will experience growth of over 3,000 per cent in the total number of broadband subscriptions, from about 20 million in 2012 to more than 700 million.

"Microsoft Trustworthy Computing [TwC] is set to deal with the cyber-security issues that are foreseen as the big challenge in the near future," said Hall.

The force and pace of technological change over the next decade will present challenges and opportunities for individuals, societal organisations, businesses and governments. One of the primary challenges facing government policy-makers is how to balance massive technological change and simultaneously manage the new generation of risks to cyber-security, she said.

The World Economic Forum has also identified cyber-security among its top global risks for the last eight years. Amid the increasing complexity of today's computing-threat landscape and the growing sophistication of criminal attacks, enterprise organisations and governments are more focused than ever on protecting their computing environments so that they and their constituents are safer online.

Currently, the cyber-space scenario is that around 70 per cent of enterprises are already using or moving toward cloud computing, while 15 billion devices will be connected to the Internet. It requires government-led strategies and frameworks and needs a collaborative response to deal with cyber-security, she explained.

Microsoft's TwC commitments

The company's Trustworthy Computing organisation focuses on creating and delivering secure, private and reliable computing experiences based on sound business practices.

To help protect users from malicious Web pages, Microsoft and other browser vendors have developed filters that keep track of sites that host malware and phishing attacks and display prominent warnings when users try to navigate to them.

According to the "Microsoft Security Intelligence Report", most attempts by malware to infect computers are unsuccessful. More than three-quarters of Internet-connected personal computers worldwide are protected by real-time security software that constantly monitors the computer and network traffic for threats and blocks them before they can infect the computer, if possible.

Therefore, for a comprehensive understanding of the malware landscape, it is important to consider infection attempts that are blocked as well as infections that are removed.

Microsoft uses two different metrics to measure malware prevalence: encounter rate and computers cleaned per mille.

Encounter rate is simply the percentage of computers running Microsoft real-time security products that report a malware encounter. Meanwhile, computers cleaned per mille, or CCM, is an infection-rate metric that is defined as the number of computers cleaned for every 1,000 unique computers executing the Malicious Software Removal Tool, a free tool distributed through Microsoft update services that removes more than 200 highly prevalent or serious threats from computers.

Paul Nicholas, senior director of Microsoft's Global Security Strategy and Diplomacy, said that in an era of massive technological change and innovation, privacy is important to people around the world, particularly as data-intensive online activities become the norm.

Robust privacy management is important in gaining and maintaining customer and stakeholder trust, and to enable valuable data uses.

"Microsoft found a strong relationship between technology adoption and cyber-security. In particular, the research revealed that emerging economies are likely to experience an increase in cyber-security incidents as their technology adoption grows," he said.

Understanding the growth patterns of technology and the resulting risks will be essential to designing appropriate protections against online threats. With more than a billion systems using its products and services worldwide, Microsoft collaborates with partners, industry and governments to help create a safer, more trusted Internet, he added.

Nicholas explained that there are five technology trends with privacy implications: ubiquitous computing, natural interactions, bid data in the cloud and data-driven innovation, tailored and social experience, and data collection and use by government.

Microsoft's chief privacy officer Brendon Lynch said that Microsoft's security technology approach to helping businesses keep their privacy promises with customers was not just about the technologies, as it offered the policy and process as well as people.

"It is not just software products, it is about the cloud. Over 10 years of our investment in privacy and security programs as a part of Trustworthy Computing, privacy is designed with a commitment to use enterprise customers' information only to deliver services - and not for ads," said Lynch.

Online safety is about risk management maximising online experience while minimising those tied to illegal, inappropriate or illegitimate the online risks that normally involve the "4Cs" - content, contact, conduct and commerce.

"Microsoft's approach to online safety is to offer technology innovation, to be a partner, and to provide awareness and education about children's online safety," she said.

Public-private collaboration

Microsoft believes that public and private-sector leaders working together can chart a course that enhances the security, privacy and reliability of cyberspace in 2025 and expands ICT opportunity for economies in all stages of development.

Microsoft encourages public and private-sector leaders to prioritise these key areas. First are governance models that provide clear policy direction and a national or regional framework for cyber-security.

Ideally, these models will include commitments to an open, free Internet where privacy is protected, harmonisation of cyber-security laws and standards internationally, and support of global free trade.

Second is talent development that is supported by strategic investments in infrastructure and research and development. These investments should balance talent mobility and retention, with an emphasis on educating a modern workforce that can sustain innovation.

And third is global cooperation that advances cyber-security risk management and coordination among stakeholders both domestically and internationally, with a focus on developing global norms that support stability and security in cyberspace.

Cyber 2025

_ 80 per cent of Internet connections could originate from a mobile device by the year 2025.

_ Over 50 billion objects are expected to be connected to the Internet by 2020.

_ By 2025, emerging economies will have overtaken developed countries as the larger market for in-home consumer electronics, with emerging economies comprising more 60 per cent of the global market.

_ By 2025, most of the data created in the world will move through or be stored in the cloud at some point.

The Threats

An exploit

An exploit is malicious code that takes advantage of software vulnerabilities to infect, disrupt or take control of a computer without the user's consent and typically without their knowledge.

E-mail threats

More than 75 per cent of the e-mail messages sent over the Internet are unwanted. Not only does all this unwanted e-mail tax recipients' inboxes and the resources of e-mail providers, but it also creates an environment in which e-mailed malware attacks and phishing attempts can proliferate.

Malicious websites

Attackers often use websites to conduct phishing attacks or distribute malware. Malicious websites typically appear to be completely legitimate, and provide no outward indicators of their malicious nature even to experienced computer users.